pkcs12.h revision 296465
1/* pkcs12.h */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 1999. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#ifndef HEADER_PKCS12_H 61# define HEADER_PKCS12_H 62 63# include <openssl/bio.h> 64# include <openssl/x509.h> 65 66#ifdef __cplusplus 67extern "C" { 68#endif 69 70# define PKCS12_KEY_ID 1 71# define PKCS12_IV_ID 2 72# define PKCS12_MAC_ID 3 73 74/* Default iteration count */ 75# ifndef PKCS12_DEFAULT_ITER 76# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER 77# endif 78 79# define PKCS12_MAC_KEY_LENGTH 20 80 81# define PKCS12_SALT_LEN 8 82 83/* Uncomment out next line for unicode password and names, otherwise ASCII */ 84 85/* 86 * #define PBE_UNICODE 87 */ 88 89# ifdef PBE_UNICODE 90# define PKCS12_key_gen PKCS12_key_gen_uni 91# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni 92# else 93# define PKCS12_key_gen PKCS12_key_gen_asc 94# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc 95# endif 96 97/* MS key usage constants */ 98 99# define KEY_EX 0x10 100# define KEY_SIG 0x80 101 102typedef struct { 103 X509_SIG *dinfo; 104 ASN1_OCTET_STRING *salt; 105 ASN1_INTEGER *iter; /* defaults to 1 */ 106} PKCS12_MAC_DATA; 107 108typedef struct { 109 ASN1_INTEGER *version; 110 PKCS12_MAC_DATA *mac; 111 PKCS7 *authsafes; 112} PKCS12; 113 114PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct { 115 ASN1_OBJECT *type; 116 union { 117 struct pkcs12_bag_st *bag; /* secret, crl and certbag */ 118 struct pkcs8_priv_key_info_st *keybag; /* keybag */ 119 X509_SIG *shkeybag; /* shrouded key bag */ 120 STACK_OF(PKCS12_SAFEBAG) *safes; 121 ASN1_TYPE *other; 122 } value; 123 STACK_OF(X509_ATTRIBUTE) *attrib; 124} PKCS12_SAFEBAG; 125 126DECLARE_STACK_OF(PKCS12_SAFEBAG) 127DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) 128DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) 129 130typedef struct pkcs12_bag_st { 131 ASN1_OBJECT *type; 132 union { 133 ASN1_OCTET_STRING *x509cert; 134 ASN1_OCTET_STRING *x509crl; 135 ASN1_OCTET_STRING *octet; 136 ASN1_IA5STRING *sdsicert; 137 ASN1_TYPE *other; /* Secret or other bag */ 138 } value; 139} PKCS12_BAGS; 140 141# define PKCS12_ERROR 0 142# define PKCS12_OK 1 143 144/* Compatibility macros */ 145 146# define M_PKCS12_x5092certbag PKCS12_x5092certbag 147# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag 148 149# define M_PKCS12_certbag2x509 PKCS12_certbag2x509 150# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 151 152# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data 153# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes 154# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes 155# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata 156 157# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey 158# define M_PKCS8_decrypt PKCS8_decrypt 159 160# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) 161# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) 162# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type 163 164# define PKCS12_get_attr(bag, attr_nid) \ 165 PKCS12_get_attr_gen(bag->attrib, attr_nid) 166 167# define PKCS8_get_attr(p8, attr_nid) \ 168 PKCS12_get_attr_gen(p8->attributes, attr_nid) 169 170# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) 171 172PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); 173PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); 174X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); 175X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); 176 177PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, 178 int nid1, int nid2); 179PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); 180PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, 181 int passlen); 182PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, 183 const char *pass, int passlen); 184X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 185 const char *pass, int passlen, unsigned char *salt, 186 int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); 187PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, 188 int passlen, unsigned char *salt, 189 int saltlen, int iter, 190 PKCS8_PRIV_KEY_INFO *p8); 191PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); 192STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); 193PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, 194 unsigned char *salt, int saltlen, int iter, 195 STACK_OF(PKCS12_SAFEBAG) *bags); 196STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, 197 int passlen); 198 199int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); 200STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); 201 202int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, 203 int namelen); 204int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, 205 int namelen); 206int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, 207 int namelen); 208int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, 209 const unsigned char *name, int namelen); 210int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); 211ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); 212char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); 213unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 214 int passlen, unsigned char *in, int inlen, 215 unsigned char **data, int *datalen, 216 int en_de); 217void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 218 const char *pass, int passlen, 219 ASN1_OCTET_STRING *oct, int zbuf); 220ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, 221 const ASN1_ITEM *it, 222 const char *pass, int passlen, 223 void *obj, int zbuf); 224PKCS12 *PKCS12_init(int mode); 225int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, 226 int saltlen, int id, int iter, int n, 227 unsigned char *out, const EVP_MD *md_type); 228int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, 229 int saltlen, int id, int iter, int n, 230 unsigned char *out, const EVP_MD *md_type); 231int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 232 ASN1_TYPE *param, const EVP_CIPHER *cipher, 233 const EVP_MD *md_type, int en_de); 234int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 235 unsigned char *mac, unsigned int *maclen); 236int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); 237int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, 238 unsigned char *salt, int saltlen, int iter, 239 const EVP_MD *md_type); 240int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 241 int saltlen, const EVP_MD *md_type); 242# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) 243/* Rename these functions to avoid name clashes on NetWare OS */ 244unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, 245 unsigned char **uni, int *unilen); 246char *OPENSSL_uni2asc(unsigned char *uni, int unilen); 247# else 248unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, 249 int *unilen); 250char *uni2asc(unsigned char *uni, int unilen); 251# endif 252DECLARE_ASN1_FUNCTIONS(PKCS12) 253DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) 254DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) 255DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) 256 257DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) 258DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) 259 260void PKCS12_PBE_add(void); 261int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 262 STACK_OF(X509) **ca); 263PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 264 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, 265 int mac_iter, int keytype); 266 267PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); 268PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, 269 EVP_PKEY *key, int key_usage, int iter, 270 int key_nid, char *pass); 271int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, 272 int safe_nid, int iter, char *pass); 273PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); 274 275int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); 276int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 277PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); 278PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 279int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); 280 281/* BEGIN ERROR CODES */ 282/* 283 * The following lines are auto generated by the script mkerr.pl. Any changes 284 * made after this point may be overwritten when the script is next run. 285 */ 286void ERR_load_PKCS12_strings(void); 287 288/* Error codes for the PKCS12 functions. */ 289 290/* Function codes. */ 291# define PKCS12_F_PARSE_BAG 129 292# define PKCS12_F_PARSE_BAGS 103 293# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 294# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 295# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 296# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 297# define PKCS12_F_PKCS12_CREATE 105 298# define PKCS12_F_PKCS12_GEN_MAC 107 299# define PKCS12_F_PKCS12_INIT 109 300# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 301# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 302# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 303# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 304# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 305# define PKCS12_F_PKCS12_MAKE_KEYBAG 112 306# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 307# define PKCS12_F_PKCS12_NEWPASS 128 308# define PKCS12_F_PKCS12_PACK_P7DATA 114 309# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 310# define PKCS12_F_PKCS12_PARSE 118 311# define PKCS12_F_PKCS12_PBE_CRYPT 119 312# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 313# define PKCS12_F_PKCS12_SETUP_MAC 122 314# define PKCS12_F_PKCS12_SET_MAC 123 315# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 316# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 317# define PKCS12_F_PKCS12_VERIFY_MAC 126 318# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 319# define PKCS12_F_PKCS8_ENCRYPT 125 320 321/* Reason codes. */ 322# define PKCS12_R_CANT_PACK_STRUCTURE 100 323# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 324# define PKCS12_R_DECODE_ERROR 101 325# define PKCS12_R_ENCODE_ERROR 102 326# define PKCS12_R_ENCRYPT_ERROR 103 327# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 328# define PKCS12_R_INVALID_NULL_ARGUMENT 104 329# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 330# define PKCS12_R_IV_GEN_ERROR 106 331# define PKCS12_R_KEY_GEN_ERROR 107 332# define PKCS12_R_MAC_ABSENT 108 333# define PKCS12_R_MAC_GENERATION_ERROR 109 334# define PKCS12_R_MAC_SETUP_ERROR 110 335# define PKCS12_R_MAC_STRING_SET_ERROR 111 336# define PKCS12_R_MAC_VERIFY_ERROR 112 337# define PKCS12_R_MAC_VERIFY_FAILURE 113 338# define PKCS12_R_PARSE_ERROR 114 339# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 340# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 341# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 342# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 343# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 344 345#ifdef __cplusplus 346} 347#endif 348#endif 349